libsaml 2.9.0 → 2.10.0

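--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz: 194bdb769169b21923b5fa689fe9866751f09f0a
-data.tar.gz: 5ab51c74f9e390e80388f1529016f1c49b3a187e
+metadata.gz: 882f50e4ac23264d5ca2b47dca17df3805e8a6ed
+data.tar.gz: 52e24e2e5867fd8709011f2c5e96b1a3d8f56ea9
 SHA512:
-metadata.gz: 199ce03937ac45c4cc56879ab807af9d61152be42777e140878685b28ad1adf657379eed0029e63b54a38f5be55168101a997400605e3d869685f45b1a93cc82
-data.tar.gz: 6e655df6e753dc658eb7207a0936e14746b61358498a541b662b94dda7bfa047de9d241eec12d28fd50a28209df1ed6abd992637e762e480a083473e18fb9dd0
+metadata.gz: d4b5a5bef05f0756775db7cbe1922fb1fe8b62cb84807c43a832cca8b66f571e3db090c321d7e49fd8365f57547dc3725f91469c1e85bd1a62d33719e380d7b2
+data.tar.gz: d346b7bcb9c684047717ff157615b16fbf35cfd2c09de5f9e9b6f95f66036182c44a68344dbef7a33e2c169a1aac1097375496dcc6b03a04b6b74f0de792dac4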
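--- a/data/lib/saml.rb
+++ b/data/lib/saml.rb
@@ -97,6 +97,9 @@ module Saml
 require 'saml/complex_types/attribute_type'
 require 'saml/complex_types/localized_name_type'
 require 'saml/complex_types/statement_abstract_type'
+require 'saml/complex_types/subject_query_abstract_type'
+require 'saml/complex_types/attribute_query_type'
+require 'saml/complex_types/evidence_type'
 end
 
 module Elements
@@ -113,6 +116,9 @@ module Saml
 require 'saml/elements/subject_confirmation'
 require 'saml/elements/encrypted_assertion'
 require 'saml/elements/encrypted_attribute'
+require 'saml/elements/name_id'
+require 'saml/elements/name_id_format'
+require 'saml/elements/encrypted_id'
 require 'saml/elements/attribute_value'
 require 'saml/elements/attribute'
 require 'saml/elements/attribute_statement'
@@ -124,8 +130,6 @@ module Saml
 require 'saml/elements/service_description'
 require 'saml/elements/requested_attribute'
 require 'saml/elements/attribute_consuming_service'
-require 'saml/elements/name_id'
-require 'saml/elements/name_id_format'
 require 'saml/elements/subject'
 require 'saml/elements/conditions'
 require 'saml/elements/authn_statement'
@@ -141,6 +145,8 @@ module Saml
 require 'saml/elements/attribute_authority_descriptor'
 require 'saml/elements/entity_descriptor'
 require 'saml/elements/entities_descriptor'
+require 'saml/elements/attribute_query'
+require 'saml/elements/evidence'
 end
 
 module Rails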
@@ -0,0 +1,20 @@
1
+ module Saml
2
+ module ComplexTypes
3
+ module AttributeQueryType
4
+ extend ActiveSupport::Concern
5
+
6
+ include SubjectQueryAbstractType
7
+
8
+ included do
9
+ has_many :attributes, Saml::Elements::Attribute
10
+ end
11
+
12
+ def initialize(*args)
13
+ options = args.extract_options!
14
+ super(*(args << options))
15
+ @attributes = []
16
+ end
17
+ end
18
+ end
19
+ end
20
+
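Review bot: `@attributes = []` on line 15 runs after `super`, so if `Saml::Base#initialize` (not visible here) assigns instance variables from the options hash, an `attributes:` option passed by the caller is silently replaced with an empty array; `@attributes ||= []` keeps a caller-supplied value and still guarantees an array. The sibling `EvidenceType` in this same release takes the opposite approach and pulls its value out of `options` before calling `super`, so the two new concerns should settle on one convention. Because `include SubjectQueryAbstractType` sits inside a concern, the resulting `initialize` chain (this module, then presumably `SubjectQueryAbstractType` and `RequestAbstractType`) is not obvious to a reader; a one-line module comment such as `# samlp:AttributeQuery body: a Subject (built by SubjectQueryAbstractType) plus the requested Attributes` would help.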
@@ -0,0 +1,23 @@
1
+ module Saml
2
+ module ComplexTypes
3
+ module EvidenceType
4
+ extend ActiveSupport::Concern
5
+
6
+ included do
7
+ require 'saml/assertion'
8
+
9
+ has_many :assertion, ::Saml::Assertion
10
+
11
+ validates :assertion, presence: true
12
+ end
13
+
14
+ def initialize(*args)
15
+ options = args.extract_options!
16
+ @assertion = options.delete(:assertion)
17
+ super(*(args << options))
18
+ end
19
+ end
20
+ end
21
+ end
22
+
23
+
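Review bot: `has_many :assertion, ::Saml::Assertion` declares a collection under a singular name, yet `initialize` stores `options.delete(:assertion)` exactly as given, so a caller passing a single `Saml::Assertion` (the natural reading of `assertion:`) presumably leaves `@assertion` as a bare object where the mapper expects an array. `@assertion = Array(options.delete(:assertion))` accepts both a single assertion and a list, and `validates :assertion, presence: true` still rejects the empty array produced when nothing is passed. The `require 'saml/assertion'` inside the `included` block reads as a deliberate lazy require, since lib/saml.rb loads complex_types before elements; record that with a comment, e.g. `# loaded here rather than at file top: saml/assertion is required after complex_types — TODO confirm the cycle`.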
@@ -0,0 +1,27 @@
1
+ module Saml
2
+ module ComplexTypes
3
+ module SubjectQueryAbstractType
4
+ extend ActiveSupport::Concern
5
+
6
+ include RequestAbstractType
7
+
8
+ included do
9
+ element :subject, Saml::Elements::Subject
10
+
11
+ validates :subject, presence: true
12
+ end
13
+
14
+ def initialize(*args)
15
+ options = args.extract_options!
16
+ @subject = Saml::Elements::Subject.new(
17
+ name_id: options.delete(:name_id),
18
+ name_id_format: options.delete(:name_id_format),
19
+ recipient: options.delete(:recipient),
20
+ in_response_to: options.delete(:in_response_to)
21
+ )
22
+ super(*(args << options))
23
+ end
24
+ end
25
+ end
26
+ end
27
+
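Review bot: `initialize` always builds a fresh `Saml::Elements::Subject` from `name_id`, `name_id_format`, `recipient` and `in_response_to`, so a caller who passes a prepared `subject:` has it ignored, or, if `Saml::Base#initialize` (not visible here) assigns ivars from the remaining options, overwritten after `super`; `@subject = options.delete(:subject) || Saml::Elements::Subject.new(...)` covers both cases. Because a Subject is constructed even when every one of those options is nil, `validates :subject, presence: true` on line 11 is satisfied by an empty Subject and never fails; if the intent is to reject queries with no subject data, the check needs to look at the Subject's contents or rely on Subject's own validations. The four option keys consumed here are part of the public constructor contract of every including class and should be listed in a YARD comment on the module.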
@@ -0,0 +1,12 @@
1
+ module Saml
2
+ module Elements
3
+ class AttributeQuery
4
+ include HappyMapper
5
+ include Saml::Base
6
+ include Saml::ComplexTypes::AttributeQueryType
7
+
8
+ tag 'AttributeQuery'
9
+ namespace 'samlp'
10
+ end
11
+ end
12
+ end
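Review bot: `include HappyMapper` and `include Saml::Base` are unqualified here while the same release rewrites `AttributeValue` to `include ::Saml::Base` and writes `EncryptedID` entirely with `::HappyMapper`/`::Saml::Base`; inside `module Saml` both forms resolve, but the new files should settle on one (`Evidence` has the same mix). `namespace 'samlp'` is used without a `register_namespace` call, unlike `EncryptedID`, which registers `'saml'` before using it; if `Saml::Base` already registers `samlp` that is fine, otherwise it must be registered here, and a comment should say which. A one-line class comment such as `# samlp:AttributeQuery — the Subject comes from SubjectQueryAbstractType, the requested attributes from AttributeQueryType` is missing.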
@@ -1,14 +1,17 @@
1
1
  module Saml
2
2
  module Elements
3
3
  class AttributeValue
4
- include Saml::Base
4
+ include ::Saml::Base
5
+
6
+ tag 'AttributeValue'
5
7
 
6
8
  register_namespace 'saml', Saml::SAML_NAMESPACE
7
9
  register_namespace 'xs', Saml::XS_NAMESPACE
8
10
  register_namespace 'xsi', Saml::XSI_NAMESPACE
9
11
 
10
12
  namespace 'saml'
11
- tag 'AttributeValue'
13
+
14
+ has_one :encrypted_id, EncryptedID
12
15
 
13
16
  attribute :type, String, tag: 'xsi:type'
14
17
 
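Review bot: `has_one :encrypted_id, EncryptedID` resolves the constant while the class body is loaded, so it only works because lib/saml.rb in this same release moves `require 'saml/elements/encrypted_id'` ahead of `attribute_value`; a comment `# EncryptedID must already be loaded — see the require order in lib/saml.rb` keeps a future reorder from breaking it. The change to `include ::Saml::Base` two lines above leaves the `Saml::SAML_NAMESPACE` references below it unqualified, which is harmless but inconsistent within the same class. The AttributeValue class body continues past the end of the hunk.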
@@ -0,0 +1,53 @@
1
+ module Saml
2
+ module Elements
3
+ class EncryptedID
4
+ include ::HappyMapper
5
+ include ::Saml::Base
6
+ include ::Saml::XMLHelpers
7
+
8
+ tag 'EncryptedID'
9
+
10
+ register_namespace 'saml', ::Saml::SAML_NAMESPACE
11
+ namespace 'saml'
12
+
13
+ has_one :encrypted_data, Xmlenc::Builder::EncryptedData
14
+ has_many :encrypted_keys, Xmlenc::Builder::EncryptedKey
15
+ has_one :name_id, Saml::Elements::NameId
16
+
17
+ validates :encrypted_data, presence: true
18
+
19
+ def initialize(*args)
20
+ options = args.extract_options!
21
+ super(*(args << options))
22
+ end
23
+
24
+ def encrypt(key_descriptor, key_options = {})
25
+ certificate = key_descriptor.certificate
26
+ key_name = key_descriptor.key_info.key_name
27
+
28
+ self.encrypted_data = Xmlenc::Builder::EncryptedData.new
29
+ self.encrypted_data.set_key_retrieval_method Xmlenc::Builder::RetrievalMethod.new(
30
+ uri: "##{key_options[:id]}"
31
+ )
32
+ self.encrypted_data.set_encryption_method(
33
+ algorithm: 'http://www.w3.org/2001/04/xmlenc#aes256-cbc'
34
+ )
35
+ encrypted_key = self.encrypted_data.encrypt(name_id_xml, key_options)
36
+ encrypted_key.set_encryption_method(
37
+ algorithm: 'http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p',
38
+ digest_method_algorithm: 'http://www.w3.org/2000/09/xmldsig#sha1'
39
+ )
40
+ encrypted_key.set_key_name key_name
41
+ encrypted_key.encrypt certificate.public_key
42
+ self.encrypted_keys = [encrypted_key]
43
+ self.name_id = nil
44
+ end
45
+
46
+ private
47
+
48
+ def name_id_xml
49
+ Nokogiri::XML(name_id.to_xml).root.to_xml
50
+ end
51
+ end
52
+ end
53
+ end
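Review bot: `encrypt` builds the key reference as `uri: "##{key_options[:id]}"`, so with the default `key_options = {}` the RetrievalMethod points at `"#"`, a dangling reference, and `name_id_xml` calls `name_id.to_xml` with no nil check, so an EncryptedID constructed without `name_id:` fails inside Nokogiri instead of with a clear error. Two guards at the top of `encrypt` cover both: `raise ArgumentError, 'name_id is required' unless name_id` and `raise ArgumentError, 'key_options[:id] is required' unless key_options[:id]`. The algorithm URIs (`aes256-cbc`, `rsa-oaep-mgf1p` with a SHA-1 digest) are hard-coded literals; accepting them through `key_options` with these values as defaults would let callers move to stronger algorithms per peer without a fork, and a comment should record that CBC gives confidentiality only, so the EncryptedID must sit inside a signed element whose signature is verified before anything is decrypted. `self.name_id = nil` on line 43 is a deliberate clearing of the plaintext once it has been encrypted and deserves a comment saying so, because it reads like a mistake otherwise.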
@@ -0,0 +1,11 @@
1
+ module Saml
2
+ module Elements
3
+ class Evidence
4
+ include HappyMapper
5
+ include Saml::Base
6
+ include Saml::ComplexTypes::EvidenceType
7
+
8
+ tag 'Evidence'
9
+ end
10
+ end
11
+ end
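Review bot: `Evidence` declares `tag 'Evidence'` but no `namespace`, whereas the other elements added in this release do (`AttributeQuery` uses `'samlp'`, `EncryptedID` registers and uses `'saml'`); unless `Saml::Base` supplies a default namespace, which is not visible here, the element will serialize and parse without the expected prefix. Adding `register_namespace 'saml', Saml::SAML_NAMESPACE` and `namespace 'saml'` after the `tag` line, mirroring EncryptedID, would make it consistent, presuming Evidence belongs to the assertion namespace like the Assertions it carries. A one-line class comment such as `# Evidence element — carries one or more Assertions (see EvidenceType)` is also missing.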
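--- a/data/lib/saml/util.rb
+++ b/data/lib/saml/util.rb
@@ -29,7 +29,11 @@ module Saml
 http.key = OpenSSL::PKey::RSA.new(key)
 end
 
-headers = { 'Content-Type' => 'text/xml' }
+headers = {
+'Content-Type' => 'text/xml',
+'Cache-Control' => 'no-cache, no-store',
+'Pragma' => 'no-cache'
+}
 headers.merge! additional_headers
 
 request = Net::HTTP::Post.new(uri.request_uri, headers)
@@ -85,6 +89,23 @@ module Saml
 Saml::Assertion.parse(encrypted_document.decrypt(private_key), single: true)
 end
 
+def encrypt_name_id(name_id, key_descriptor, key_options = {})
+encrypted_id = Saml::Elements::EncryptedID.new(name_id: name_id)
+encrypt_encrypted_id(encrypted_id, key_descriptor, key_options)
+end
+
+def encrypt_encrypted_id(encrypted_id, key_descriptor, key_options = {})
+encrypted_id.encrypt(key_descriptor, key_options)
+encrypted_id
+end
+
+def decrypt_encrypted_id(encrypted_id, private_key)
+encrypted_id_xml = encrypted_id.is_a?(Saml::Elements::EncryptedID) ?
+encrypted_id.to_xml : encrypted_id.to_s
+encrypted_document = Xmlenc::EncryptedDocument.new(encrypted_id_xml)
+Saml::Elements::EncryptedID.parse(encrypted_document.decrypt(private_key))
+end
+
 def verify_xml(message, raw_body)
 document = Xmldsig::SignedDocument.new(raw_body)
 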
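Review bot: `decrypt_encrypted_id` decrypts whatever it is handed with no documented precondition; since the CBC ciphertext produced by `EncryptedID#encrypt` carries no integrity of its own, a YARD comment should state that callers must have verified the signature of the enclosing message (this file's `verify_xml`) before calling it. The ternary split across two lines at `encrypted_id_xml = encrypted_id.is_a?(Saml::Elements::EncryptedID) ?` is hard to read; put it on one line or write it as an `if`/`else`. `encrypt_name_id` and `encrypt_encrypted_id` default `key_options` to `{}`, yet the `EncryptedID#encrypt` they delegate to builds its key reference from `key_options[:id]`, so the `@param key_options` documentation should mark `:id` as required. The sibling decrypt helper a few lines up passes `single: true` to `parse` while this one does not; if the difference is intentional, a comment should say why.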
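--- a/data/lib/saml/version.rb
+++ b/data/lib/saml/version.rb
@@ -1,3 +1,3 @@
 module Saml
-VERSION = "2.9.0"
+VERSION = "2.10.0"
 end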
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: libsaml
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.9.0
4
+ version: 2.10.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Benoist Claassen
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-10-20 00:00:00.000000000 Z
11
+ date: 2015-10-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -72,14 +72,14 @@ dependencies:
72
72
  requirements:
73
73
  - - "~>"
74
74
  - !ruby/object:Gem::Version
75
- version: 0.3.0
75
+ version: 0.4.0
76
76
  type: :runtime
77
77
  prerelease: false
78
78
  version_requirements: !ruby/object:Gem::Requirement
79
79
  requirements:
80
80
  - - "~>"
81
81
  - !ruby/object:Gem::Version
82
- version: 0.3.0
82
+ version: 0.4.0
83
83
  - !ruby/object:Gem::Dependency
84
84
  name: curb
85
85
  requirement: !ruby/object:Gem::Requirement
@@ -133,8 +133,10 @@ files:
133
133
  - lib/saml/bindings/http_post.rb
134
134
  - lib/saml/bindings/http_redirect.rb
135
135
  - lib/saml/bindings/soap.rb
136
+ - lib/saml/complex_types/attribute_query_type.rb
136
137
  - lib/saml/complex_types/attribute_type.rb
137
138
  - lib/saml/complex_types/endpoint_type.rb
139
+ - lib/saml/complex_types/evidence_type.rb
138
140
  - lib/saml/complex_types/indexed_endpoint_type.rb
139
141
  - lib/saml/complex_types/localized_name_type.rb
140
142
  - lib/saml/complex_types/request_abstract_type.rb
@@ -142,10 +144,12 @@ files:
142
144
  - lib/saml/complex_types/sso_descriptor_type.rb
143
145
  - lib/saml/complex_types/statement_abstract_type.rb
144
146
  - lib/saml/complex_types/status_response_type.rb
147
+ - lib/saml/complex_types/subject_query_abstract_type.rb
145
148
  - lib/saml/config.rb
146
149
  - lib/saml/elements/attribute.rb
147
150
  - lib/saml/elements/attribute_authority_descriptor.rb
148
151
  - lib/saml/elements/attribute_consuming_service.rb
152
+ - lib/saml/elements/attribute_query.rb
149
153
  - lib/saml/elements/attribute_statement.rb
150
154
  - lib/saml/elements/attribute_value.rb
151
155
  - lib/saml/elements/audience_restriction.rb
@@ -156,9 +160,11 @@ files:
156
160
  - lib/saml/elements/contact_person.rb
157
161
  - lib/saml/elements/encrypted_assertion.rb
158
162
  - lib/saml/elements/encrypted_attribute.rb
163
+ - lib/saml/elements/encrypted_id.rb
159
164
  - lib/saml/elements/entities_descriptor.rb
160
165
  - lib/saml/elements/entity_attributes.rb
161
166
  - lib/saml/elements/entity_descriptor.rb
167
+ - lib/saml/elements/evidence.rb
162
168
  - lib/saml/elements/idp_sso_descriptor.rb
163
169
  - lib/saml/elements/key_descriptor.rb
164
170
  - lib/saml/elements/key_info.rb